NAT 时未捕获前一个 TCP 段

tag-icon tag-icon cisco nat tcp packets lost
NAT 时未捕获前一个 TCP 段

我有一个客户端请求 NAT 后面的服务器上的 Web 服务。我的客户端 IP 是 10.54.10.193 NAT 地址:10.54.28.183 服务器地址:62.209.39.203

当客户端在服务器上请求 Web 服务时,我们有未捕获的 TCP 前一个段,如下图所示: 客户端捕获

但在服务器端一切似乎正常,如下图所示: 服务器端捕获

当我运行 debug ip nat Detailed 时收到此错误:

*Aug 21 20:52:52.256: NAT*: Can't create new inside entry - forced_punt_flags: 0 
*Aug 21 20:52:52.256: NAT*: i: tcp (62.209.39.203, 8083) -> (10.54.10.193, 64652) [30259] 
*Aug 21 20:52:52.256: NAT*: s=62.209.39.203->10.54.28.183, d=10.54.10.193 [30259]

我的配置如下:

Current configuration : 2873 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname VDC-CTIN-3725
!
boot-start-marker
boot system flash:c3725-advsecurityk9-mz.124-15.T14.bin
boot-end-marker
!
no aaa new-model
no network-clock-participate slot 1
ip cef
!
!
!
!
!
multilink bundle-name authenticated

interface Loopback0
 ip address 10.54.1.1 255.255.255.255
!
interface FastEthernet0/0
 description LAN-IDC
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 123.30.169.46 255.255.255.192
 ip nat inside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map Mobifone-to-Nuance
!
interface FastEthernet1/0
 description MobiFone Metronet
 ip address 10.54.28.183 255.255.255.224
 ip nat outside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1/1
 description VinaPhone
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 10.54.10.0 255.255.255.0 FastEthernet1/0 10.54.28.161 name VMS-PS
ip route 10.54.30.0 255.255.255.0 FastEthernet1/0 10.54.28.161 name VMS-VG
!
!
no ip http server
no ip http secure-server
ip nat source static tcp 192.168.1.2 3389 interface FastEthernet0/1 3389
ip nat inside source list 100 interface FastEthernet1/0 overload
ip nat inside source static tcp 62.209.39.197 8080 10.54.28.183 8080 extendable
ip nat inside source static tcp 62.209.39.203 8083 10.54.28.183 8083 extendable
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 10.54.0.0 0.0.255.255
access-list 100 permit ip 62.209.39.192 0.0.0.15 10.54.0.0 0.0.255.255
access-list 100 permit icmp 62.209.39.192 0.0.0.15 10.54.0.0 0.0.255.255
access-list 101 permit ip 10.54.0.0 0.0.255.255 62.209.39.192 0.0.0.15
access-list 101 permit ip 192.168.1.0 0.0.0.255 62.209.39.192 0.0.0.15
access-list 101 permit icmp 192.168.1.0 0.0.0.255 62.209.39.192 0.0.0.15

我的 NAT 配置有问题吗?请帮帮我。

相关内容